WordPress Security: Why Did My Site Get Hacked?

February 22nd, 2017

The previous post looked at some of the common methods by which a hacker might gain access to a WordPress site. Understanding these methods is crucial to preventing recurrences in the future, but many site owners are left perplexed by the fact that their site has been targeted at all.

Why me?!

It's relatively easy to understand a hacker's logic for targeting large sites that hold the sensitive financial or personal data of hundreds of thousands, or even millions, of users. However, there aren't that many of these sites on the internet, certainly not when compared with the number of smaller sites that don't store any user data whatsoever. So why would a hacker spend their time trying to break into a site that might be nothing more than a temporary holding page?

It's not personal (probably)

The first point to make is that most hacks, though directed by a hacker, aren't performed manually. There are many tools and scripts available to hackers that will scour the internet looking for websites that contain common vulnerabilities in specific bits of software. Once identified, these sites will be flagged and will at some point be revisited in an attempt to exploit the identified security hole.

There are cases where a hacker or group of hackers will be targeting a specific site. A common example of this is where hackers are trying to bring down or gain access to a large site that has multiple layers of security in place. These sites may use proprietary security techniques and would be resistant to the types of exploits that common automated scripts are designed for. Most of the more high-profile hacks would be achieved by this method.

The end game

Ultimately, hackers will target what might seem to be completely innocuous websites because it can benefit them in some way that may not be obvious at first glance. These benefits can be roughly categorised and would typically fall under one of the following goals.

Install malware/viruses

This is possibly the most obvious reason a hacker might target a small site. By infecting your visitors with malware or viruses, they can install software onto end users' computers that may give them access to sensitive personal or financial data. This might take the form of keylogging software that gives them access to a user's bank account, or the hackers might even install ransomware to lock users' files and try to blackmail them for access.

Spam/Blackhat SEO

Where does all of the internet's spam email come from and why can it not just be turned off? Unfortunately, part of the answer lies in hacked websites. Once attackers have access to a site, they can set it up to quickly generate thousands of spam emails. These exploited sites are often quickly shut down by the hosts, but by this time the hackers have often achieved their goal and moved on to using another site.

However, spam doesn't just take the form of emails. Another common hack takes the form of attackers adding links to your site that boost the ranking of other sites in search engines. Sometimes these hacks are only visible to the search engines, whereas other forms of this hack will redirect your users to another site. The most well-known example of this would be where sites are injected with links to pharmaceutical sites, but there are plenty of variants.
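A site owner can check for the "only visible to the search engines" variant by comparing the links in the page a browser receives with the links in the page a crawler receives. The following is an added example, not code from the original post; the two HTML snippets and all host names are constructed sample data, and example.org stands in for your own site.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: the same URL as served to a normal browser and
# to a request identifying itself as a search-engine crawler.
BROWSER_VIEW = (
    '<p><a href="/about">About</a> '
    '<a href="https://www.example.org/blog">Blog</a> '
    '<a href="https://wordpress.org/">WordPress</a></p>'
)
CRAWLER_VIEW = BROWSER_VIEW + (
    '<div style="display:none">'
    '<a href="http://pills.example.com/buy">cheap pills</a>'
    '<a href="//cheap-meds.example.net/">meds online</a></div>'
)


class LinkCollector(HTMLParser):
    """Collects the host name of every absolute <a href> in a page."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        host = urlparse(href).hostname  # None for relative links
        if host:
            self.hosts.add(host.lower())


def external_hosts(html, own_host):
    """Hosts linked from the page that are not the site or its subdomains."""
    collector = LinkCollector()
    collector.feed(html)
    return {h for h in collector.hosts
            if h != own_host and not h.endswith("." + own_host)}


def cloaked_hosts(browser_html, crawler_html, own_host):
    """External hosts that appear only in the crawler's copy of the page."""
    return sorted(external_hosts(crawler_html, own_host)
                  - external_hosts(browser_html, own_host))


if __name__ == "__main__":
    print(cloaked_hosts(BROWSER_VIEW, CRAWLER_VIEW, "example.org"))
```

In practice the two copies come from requesting the same URL twice with different User-Agent headers. Some injected code decides by the crawler's IP address rather than its User-Agent, so an empty result does not prove the site is clean.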

Resources/computer power

This type of hack aims to recruit the site and its associated server power for some other purpose. This could be anything from using it as part of a botnet in order to bring down another site in a DDoS attack to simply using the site to perform some tasks anonymously, e.g. sending spam emails.


There have been plenty of high-profile cases of websites being defaced in order to make a political point; this is known as hacktivism.


Sometimes websites are unfortunate enough to be the victim of hackers who are simply hacking for fun or learning the ropes of how to exploit common website vulnerabilities.

Prevention is better than a cure

Cleaning up a hack can be quite an arduous process, so it's much better to proactively prevent an attack in the first place. The next post in this series looks at some of the methods that can be used to secure a website against some of the most common WordPress vulnerabilities.